Iran Likely Suspect in Cyberattacks Against BBC

The BBC is not quite pointing its finger at Iran over recent attempts to disrupt its service, but there appears to be widespread consensus that the country's government is involved. Certainly there is ample anecdotal evidence that Iran is clamping down on the free flow of information in and out of the country and within its borders. "Iran is an oppressive state that censors its citizens' content," noted online security evangelist Robert Siciliano.

By Erika Morphy
03/15/12 8:52 AM PT

The BBC was the target of hack attacks earlier this month, according to comments made by BBC Director-General Mark Thompson in a wide-ranging speech to the Royal Television Society on Wednesday.

There was a simultaneous attempt to jam two different satellite feeds of BBC Persian into Iran, and to disrupt the BBC's London telephone lines via multiple automatic calls, he said. There was also a sophisticated cyberattack on the news service.

The BBC could not prove who was behind the attacks, which were "nothing new," Thompson said, but "we regard the coincidence of these different attacks as self-evidently suspicious."

He declined to go into further detail other than to say the BBC is "taking every step we can, as we always do, to ensure that this vital service continues to reach the people who need it."

The BBC did not respond to our request for further details.

The Trouble With Iran

Despite Thompson's reluctance to definitively identify the source of the attack, it is widely assumed Iran was behind it.

There is no actual evidence to suggest the attack came from Iran, according to Graham Cluley, senior technology consultant with Sophos.

All the same, "I wouldn't be surprised if it was Iran," he told TechNewsWorld.

There has been ongoing hostility between the Iranian authorities and the BBC, he noted, as Tehran has been trying to block broadcasts into the country. "Presumably they don't want their citizens to hear what the BBC is saying."

Certainly there is ample anecdotal evidence that Iran is clamping down on the free flow of information in and out of the country and within its borders. Last month, reports circulated that Internet access to certain sites -- including encrypted websites that use the HTTPS protocol -- had become severely restricted.

The country is also planning to implement the so-called National Internet -- a country-wide firewall that is meant to block out websites undesirable to the government.

Last month, Iran sentenced to death Canadian resident Saeed Malekpour, who was arrested in 2008 for spreading pornographic material. His supporters say that a program he developed for uploading photos had been used without his knowledge to post the offending photos.

For these and other reasons, Reporters Without Borders has named Iran an "Enemy of the Internet."

That label has been ill received in Tehran, noted online security evangelist Robert Siciliano.

"Iran is an oppressive state that censors its citizens' content, and they are upset by recent news reports of them being labeled an 'Enemy of the Internet,'" he told TechNewsWorld.

Some Assumptions

Although the BBC is keeping the details of the attack to itself, some broad conclusions can be drawn about what happened -- and how it and other news organizations might prevent a similar disruption.

The attack seemed to take the form of a distributed denial-of-service (DDoS) attack, affecting Iranian TV, satellites and internal BBC communications, Siciliano said.

"Whenever DDoS is used as an attack mechanism, organizations generally bounce back pretty quickly," he said. "However, it's attacks like these that make them invest heavily in additional infrastructure so it doesn't happen again."

Because we really don't know much about the nature of the cyberattack against the BBC, it's very hard to offer advice, Cluley added.

"However, good practice would include securing your computers, keeping up-to-date with patches, deploying filtering software to protect your email and Web gateways, and working with your technology providers to see how you might best deflect a DDoS attack," he said.